SHA256: 6bd154cf87c8d4defec18a16d0ae6d11d5626e35c8eadbcf36ee81517d2b228e
File name: AUPOST_info_23884.exe
Detection ratio: 2 / 55
Analysis date: 2016-01-29 08:58:51 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Rising PE:Malware.FakePDF@CV!1.9E05 [F] 20160129
Tencent Trojan.Win32.Qudamah.Gen.24 20160129
Ad-Aware 20160129
AegisLab 20160129
Yandex 20160128
AhnLab-V3 20160129
Alibaba 20160129
ALYac 20160129
Antiy-AVL 20160129
Arcabit 20160129
Avast 20160129
AVG 20160129
Avira (no cloud) 20160129
Baidu-International 20160129
BitDefender 20160129
Bkav 20160128
ByteHero 20160129
CAT-QuickHeal 20160129
ClamAV 20160129
CMC 20160129
Comodo 20160129
Cyren 20160129
DrWeb 20160129
Emsisoft 20160129
ESET-NOD32 20160129
F-Prot 20160129
F-Secure 20160129
Fortinet 20160129
GData 20160129
Ikarus 20160129
Jiangmin 20160129
K7AntiVirus 20160129
K7GW 20160129
Kaspersky 20160129
Malwarebytes 20160129
McAfee 20160129
McAfee-GW-Edition 20160129
Microsoft 20160129
eScan 20160129
NANO-Antivirus 20160129
nProtect 20160128
Panda 20160128
Qihoo-360 20160129
Sophos AV 20160129
SUPERAntiSpyware 20160129
Symantec 20160128
TheHacker 20160124
TotalDefense 20160129
TrendMicro 20160129
TrendMicro-HouseCall 20160129
VBA32 20160128
VIPRE 20160129
ViRobot 20160129
Zillya 20160128
Zoner 20160129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-11-08 10:36:28
Entry Point 0x00014AA6
Number of sections 4
PE sections
PE imports
RegRestoreKeyA
MakeSelfRelativeSD
GetSidLengthRequired
RegRestoreKeyW
RegDeleteKeyW
RegEnumValueA
CopySid
GetSecurityDescriptorControl
IsTokenRestricted
RegSetValueA
RegCreateKeyW
AdjustTokenPrivileges
InitializeAcl
RegSetKeySecurity
RegOpenKeyExW
RegNotifyChangeKeyValue
ImpersonateNamedPipeClient
RegSetValueW
DecryptFileW
EqualPrefixSid
LsaOpenPolicy
GetSidSubAuthorityCount
AbortSystemShutdownW
GetSidSubAuthority
RegEnumKeyW
RegQueryMultipleValuesW
MakeAbsoluteSD
GetKernelObjectSecurity
ClearEventLogW
SetFileSecurityW
AreAnyAccessesGranted
SetTokenInformation
RegOpenKeyW
LookupAccountNameW
OpenEventLogW
EqualSid
GetExplicitEntriesFromAclA
RegConnectRegistryA
RegQueryValueW
DuplicateTokenEx
AbortSystemShutdownA
PrivilegeCheck
LookupAccountNameA
IsValidSid
GetSidIdentifierAuthority
ImpersonateSelf
ObjectCloseAuditAlarmW
SetEntriesInAclW
OpenThreadToken
GetSecurityDescriptorSacl
CreateRestrictedToken
BuildSecurityDescriptorW
ReadEventLogW
GetLengthSid
ReportEventA
ObjectCloseAuditAlarmA
RegReplaceKeyW
CreateProcessAsUserW
RegCreateKeyExA
LsaRetrievePrivateData
RegDeleteValueW
RevertToSelf
BuildTrusteeWithSidA
AccessCheckAndAuditAlarmA
SetNamedSecurityInfoA
LsaFreeMemory
AllocateAndInitializeSid
SetSecurityDescriptorSacl
GetNumberOfEventLogRecords
MapGenericMask
LogonUserA
SetEntriesInAclA
RegUnLoadKeyW
FreeSid
LookupPrivilegeValueW
GetEffectiveRightsFromAclW
SetSecurityDescriptorGroup
SetNamedSecurityInfoW
IsValidSecurityDescriptor
GetStartupInfoA
CreateDirectoryExW
GetModuleHandleA
GlobalHandle
ClearCommBreak
GetModuleHandleW
__CxxFrameHandler
wcsftime
_acmdln
__p__fmode
_adjust_fdiv
_sys_nerr
__p__commode
_setmbcp
__dllonexit
cosh
_onexit
_ismbchira
__getmainargs
_initterm
_controlfp
_y0
__setusermatherr
__set_app_type
VkKeyScanExW
Number of PE resources by type
RT_DIALOG 9
RT_ICON 8
RT_RCDATA 5
RT_GROUP_ICON 3
Ri8l7mj36 1
S6P70070S 1
JH88m 1
rh855o4 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
CHINESE NEUTRAL 18
ENGLISH US 13
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 495616
ImageVersion 0.0
ProductName Apples Vassal
FileVersionNumber 0.118.99.5
LanguageCode Unknown (VOYA)
FileFlagsMask 0x003f
FileDescription Terrapins Sour Affine
CharacterSet Unknown (GER)
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion Tapestries 0,186,211,245
TimeStamp 2005:11:08 11:36:28+01:00
FileType Win32 EXE
PEType PE32
InternalName Apartness
ProductVersion 0,214,125,215
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright 2010 (C) 2012
MachineType Intel 386 or later, and compatibles
CodeSize 81920
FileSubtype 0
ProductVersionNumber 0.197.150.36
EntryPoint 0x14aa6
ObjectFileType Executable application

Compressed bundles
File identification
MD5 cec78e7982b32206dcfbbd99584e705b
SHA1 c8214e0dec4dcd044602516d8f70e17070a62de7
SHA256 6bd154cf87c8d4defec18a16d0ae6d11d5626e35c8eadbcf36ee81517d2b228e
ssdeep
12288:/o0pLhpHO1JFaH3kxsf220UtgtZxEly55ldgdsAXrFmAsVIMobumY:/Dxm1JUH3es+z1rWlm9gdnXrQfVlobS

authentihash 78e62ff27a3107bc749414e8d17dd801622f4c6808f6dead5f6bafac2d3fd320
imphash 5c08bde075ca60383c31daf8a9a6a9a9
File size 568.0 KB ( 581632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-01-29 08:58:51 UTC ( 3 years, 2 months ago )
Last submission 2016-06-06 20:19:29 UTC ( 2 years, 10 months ago )
File names forsendelse_20310.exe
isheriff_cec78e7982b32206dcfbbd99584e705b.bin
Filecoder.A1.exe
forsendelse_20310.exe
AUPOST_info_23884.exe
Advanced heuristic and reputation engines